Questions tagged with Service Control Policy
The goal is to implement a control similar to an allowlist where only allowed external accounts can assume roles inside the org.
Here’s what I’ve tried:
- tried restricting the sts:assumerole...
2 answers, 0 votes, 1173 views, asked a year ago
Nothing to see here!!!!!!!!!!!!!!!!!!!!!!
1 answer, -2 votes, 249 views, asked a year ago
Greetings,
**Context**
We are in the process of building out our SCPs to fit our specific needs. One of the SCPs we are building is to ***only*** allow approved AWS Services.
We started with the...
1 answer, 0 votes, 1123 views, asked a year ago
I'm trying to set up an SCP to prevent iam:CreateUser and iam:CreateAccessKey for all the IAM users except the administrators. The issue is the administrators' IAM role ARN is like...
2 answers, 0 votes, 708 views, asked a year ago
Hi all,
We are using **AWS Control Tower** to manage **AWS Accounts** in our **Landing Zone**,
Unfortunately one of our principal regions (**eu-south-1**) isn't governed by **Control Tower**, so in...
1 answer, 0 votes, 928 views, asked a year ago
Getting the following exception while trying to access the AWS Comprehend using aws_access_key_id, aws_secret_access_key, aws_session_token.
"ClientError: An error occurred (AccessDeniedException)...
1 answer, 0 votes, 270 views, asked a year ago
We have an 'unauthorised API call' alarm that is being tripped by Amazon Inspector.
It's attempting to download windows.zip from an AWS Public Bucket. Here is a snippet of the CloudWatch log:
```
...
```
1 answer, 0 votes, 553 views, asked a year ago
Need help
I just installed CodeDeploy on an Ubuntu EC2 instance and armed a pipeline on Bitbucket to trigger deployments. My deployments fail on the first events (ApplicationStop and...
3 answers, 0 votes, 458 views, asked a year ago
I've recently joined an organisation which has EC2 Instances, S3 buckets and Elastic Beanstalk applications. Everything looks empty to me while the previous developer has all the access to those services....
1 answer, 0 votes, 848 views, asked a year ago
Hi there,
We have a service control policy attached for our account with explicit Deny on DynamoDB Delete Item.
We have enabled Point in Time Recovery for the tables as well.
When I was trying to...
1 answer, 0 votes, 263 views, asked a year ago
Hi,
For some reason I am not able to create Ubuntu managed nodes in a fully private cluster. Though, managed Amazon-Linux nodes and all other self-managed nodes are joining the cluster successfully. I...
0 answers, 0 votes, 136 views, asked 2 years ago
I know we can (and have) locked down access to specific AWS regions. My question is, is it possible to lock down AZs with service control policies?
2 answers, 0 votes, 347 views, asked 2 years ago